Windows Update Tab (for Ultimate only)
The Windows Update tab allows administrators to manage Windows updates and patch scans across all computers managed by Software Updater Service.
 | Windows Update can only be enabled for Policies without Deep Freeze enabled. In Policies without Deep Freeze enabled, the Software Updater will perform patch scan and Windows Update patch installation. For Policies with Deep Freeze enabled, all Windows updates must be scheduled using the Windows Update Workstation Task in the Deep Freeze policy. Only Windows Update patch reporting will be available through the Software Updater. |
The following policy configuration options are available:
• Perform Windows Updates – Select whether to Always install or Install if approved.
> Always install – Select this option to install category patches without approval required from Admin. Patches will be installed in the next maintenance period unless there is a deferred setting enabled in the policy.
 | Declined patches will not be installed even if they are set to Always install. |
> Install if approved – Select this option to require Admin approval prior to installation of the patch category.
Select the categories of updates to install:
> Critical Update – A widely released fix for a specific problem that addresses a critical, non-security-related bug.
> Security Update – A widely released fix for a product-specific, security-related vulnerability. Security vulnerabilities are rated by their severity as critical, important, moderate, or low.
> Definition Update – A widely released and frequent software update that contains additions to a product’s definition database often used to detect objects that have specific attributes such as malicious code, phishing websites, or junk mail.
> Update Rollup – A tested, cumulative set of hotfixes, security updates, critical updates, and updates packaged together for easy deployment. A rollup generally targets a specific area (such as security), or a component of a product (such as Internet Information Services (IIS)).
> Service pack – A tested, cumulative set of all hotfixes, security updates, critical updates, and updates. Additionally, service packs may contain additional fixes for problems that are found internally since the release of the product. Service packs may also contain a limited number of customer-requested design changes or features.
> Tool – A utility or feature that helps complete a task or set of tasks.
> Feature pack – New product functionality that is first distributed outside the context of a product release and that is typically included in the next full product release.
> Update – A widely released fix for a specific problem that addresses a non-critical, non-security-related bug.
> Drivers – Software that controls the lower level input and output of a device.
> Microsoft – Updates for Microsoft applications.
> Upgrades – Feature updates to Windows Operating Systems.
 | By default, Critical Updates and Security Updates are set to Always install. |
• Defer updates marked as ‘Always install’ by X days from release – Select this option to delay updates that are set to Always install until up to 30 days from the date of the release of the update.
• Patch scan frequency – Select from the drop-down list to schedule how frequently to perform patch scans.
> Once every 24 hours
> Once every 12 hours
> Once every 6 hours
 | Patch scans are triggered once every X hours from the last time it was performed, based on the selected frequency. By default, patch scans are scheduled Once every 24 hours. |
• Force auto-reboot prior to installation if user is logged on – Select this option to force auto-reboot a computer when the machine goes into maintenance if a user is logged on. When selected, the user will receive a notification that the computer is scheduled for maintenance.
• Download Windows updates prior to the scheduled maintenance period – Select this option to enable downloading Windows updates once on every reboot.
• Restart option after updates:
> Always restart – Select this option to reboot the computer after all Windows updates are installed.
> Reboot if required – Select this option to reboot the computer only if the Windows update requires a reboot. This is the default setting.
Prior to a restart, a warning message will be displayed to the user.
Starting from Windows 10
Starting from Windows 10, configure when feature updates or quality updates are to be installed and the targeted channel for which to install the updates.
• Semi-Annual Channel (Targeted) – Select this option to install the updates on select devices to evaluate the major release prior to deployment for the whole organization.
• Semi-Annual Channel – Select this option install the updates for all devices.
Feature updates include new capabilities and improvements. This update can be deferred until up to 365 days.
Quality updates include security improvements. This update can be deferred until up to 30 days.
These Windows update settings will override the corresponding Windows Update local policies on the target workstation.
For the Windows Updates, click Schedule Maintenance Period and select Enable Maintenance Period. Under Actions, select Perform Software Updater tasks.
After Windows Update is configured, apply the policy to the computers.